CVE Catalog

CVE-2026-13579

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patientchangepassword.php file. By manipulating the newpassword argument, an attacker can remotely execute unauthorized database queries. The exploit has been made public, increasing the risk of attacks.

Risk Assessment

The organization is at risk of sensitive patient data leakage and potential takeover of the hospital management system. The attack can be performed remotely without authentication.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all input data in the /patientchangepassword.php file.

Original NVD description (English source)

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS